Articles

AutoWG: a simple Bash script to connect two devices with Wireguard

Recent articles

CVE-2024-3094: A much-publicized backdoor?

Here I offer my opinion on the "liblzma" vulnerability in the "xz" package, which I find very "overrated". It seems that the CVE-2024-3094 backdoor received a great deal of media coverage, even though its impact on production servers is not very significant. I understand the importance of Linux systems (which run the Internet), but it also gives the false impression that the open source philosophy has failed. - On the one hand, "production ready" distributions, generally known as "Stable" or even "LTS", do not deploy the latest versions of XZ. For example, Debian, Ubuntu Server 22.04 LTS, RedHat Enterprise Linux, SUSE Linux Enterprise Server, etc. all have versions of XZ older than the affected one. It is a philosophy not to deploy the latest versions of packages before being fully assured of their stability, especially in production environments and serv

Gemini vs ChatGPT: testing generated C code for Fibonacci, Pi and E

Old school tool for news (RSS): NewsFlash

Being an old school user who was very dependent on RSS feeds to keep me updated on my favourite subjects, I spent a lot of time looking for something that could do this in 2024. Surprisingly, I found a tool called "NewsFlash" which looks like it was tailored exactly for people like me, people who can't live without Slashdot, TheHackerNews and TechCrunch! I have been daily-driving Linux Manjaro for more than two years on my personal laptop (while unfortunately I have to work on a Win11 system for my regular job) and, being based on Arch Linux, the cutting edge community-driven Linux distribution, Manjaro is able to provide the latest and greatest opensource (and sometimes proprietary) software via its default repositories. You don't even have to do anything "geeky" to install NewsFlash (or any other package in the repositories) since the Pamac Software Manager is really becoming easy and powerful at the same time! This is NewsFlash, very simple and eas

GNS3 vs VM: iperf3 test for VyOS

In my last post I tried to simulate a site2site VPN connection using Wireguard via VyOS, my favourite router. It was very easy to implement but the performance was not that great on GNS3. It was not a VyOS issue at all, GNS3 is just a simulation tool and we can't expect real world performance in it, even if it uses Qemu and Linux virtual networking for that end. To prove that, I made the following simple iperf3 test using 3 VyOS routers on GNS3: No VPN, just simple routing via connected routes through VyOS1.3-3. The result was similar to my Wireguard throughput test, of course considering the header size of Wireguard packets: In my Wireguard test, I reached a bitrate of 53.8 Mbps, which is almost 76% of total bandwidth, and it's a good result, but I had to verify if VyOS is able to route at a greater bitrate. For just that, I created a VyOS VM on VirtualBox and connected two other VyOS VMs to its interfaces, and made an iperf3 test. The result was clearly better: Reach

GNS3: Simulating a 100% opensource site2site VPN using Wireguard, VyOS and OpenVSwitch

This is something I had in mind but didn't find the time to accomplish before. It just took a very cold day to convince me that I have to play with Wireguard on VyOS. I used GNS3 of course, on my personal Linux laptop to create this setup. Of course the performance was not that great since it is just a simulation. In real life, I am using Wireguard on a 10-year-old Raspberry Pi Model B and amazingly with just a 700MHz single core ARM CPU and less than 512 MB of RAM I had a decent and stable permanent Wireguard tunnel. (My bandwidth would reach 24 Mbps without issue) Back to my simulation, this is what it looks like: Quick explanation: the VYOS routers labeled IPERF1 and IPERF2 are only used for an iperf3 test, which was able to reach about 50 to 60 Mbps each time. It ain't much but it was honest (and free) secure bandwidth! I won't get into the details of this setup but I will just post the two most important configurations: R-East and R-West: #### VYOS WireGuard Site

Linux: Create an encrypted filesystem inside a file

Create encrypted FS in a file

    # Create a file and allocate its size: here 1GB
    dd if=/dev/zero of=encrypteddrive bs=1024 count=1048576
    # Set up the encrypted file (enter passphrase and confirm)
    cryptsetup -y luksFormat encrypteddrive
    # Open the encrypted device (enter password)
    sudo cryptsetup luksOpen encrypteddrive secretdata
    # Create an EXT4 filesystem inside the encrypted file
    sudo mkfs.ext4 /dev/mapper/secretdata
    # Create a directory to be the mountpoint
    mkdir ../mp-encrypted
    # Mount the encrypted FS
    sudo mount /dev/mapper/secretdata ../mp-encrypted/
    # After use, unmount the encrypted FS and close the encrypted file
    sudo umount ../mp-encrypted/
    sudo cryptsetup luksClose secretdata

Use:

    # To access data, open the file and mount it
    sudo cryptsetup luksOpen encrypteddrive secretdata
    sudo mount /dev/mapper/secretdata ../mp-encrypted/
    # To close after use, unmount the partition and close the file
    sudo umount ../mp-encrypted/
    sudo cryptsetup luksClose secretdata

Resize the secret file file